Much of our commerce now occurs in the form of e-commerce, through computer users who access services over the Internet and using the World Wide Web. Because this commerce involves money, it draws unsavory characters to its periphery—in the form of fraudsters. The goal of such people is to intercept or otherwise interfere with the activities of legitimate commerce so as to identify confidential information like account numbers, passwords, user IDs, and the like, as a mechanism toward stealing money from such users or from the organizations that provide services to such users. For example, through a technique known as a “Man in the Browser” attack, malware (i.e., malicious software, used, for example, to disrupt computer operation, improperly gather sensitive information, or improperly gain access to private computer systems) may be loaded on a client computer and may attempt to intercept information such as account numbers and passwords where a user interacts with a banking site, or passwords and credit card information when the user interacts with an on-line retail store.
Various approaches have been taken to identify and prevent such malicious activity. For example, some approaches install defensive software on client computers. Alternative approaches run various kinds of analysis tools on the transactions and/or network traffic on a server system to detect improper activity.